dfDewey is a digital forensics string extraction, indexing, and searching tool.
Find a file
renovate[bot] 82dcbe1e68
Some checks failed
unit-tests / build-focal (3.8) (pull_request) Has been cancelled
unit-tests / build-focal (3.9) (pull_request) Has been cancelled
unit-tests / build-jammy (3.10) (pull_request) Has been cancelled
Update ubuntu Docker tag to v24
2024-07-16 01:01:16 +00:00
.github/workflows Merge pull request 'Update dependency ubuntu to v22' (#3) from renovate/ubuntu-22.x into master 2024-07-15 09:44:17 +00:00
dfdewey Updates for bulk_extractor v2.0.3 (#33) 2023-10-16 11:29:26 +11:00
docker Update ubuntu Docker tag to v24 2024-07-16 01:01:16 +00:00
docs Add image reparse and deletion functions (#31) 2022-06-03 15:35:43 +10:00
test_data Add JSON output (#32) 2023-05-29 14:21:45 +10:00
.coveragerc Show test coverage 2021-08-18 10:14:57 +10:00
.gitignore Formatting test 2020-11-16 14:30:34 +11:00
.pylintrc postgresql datastore tests 2020-11-17 10:51:36 +11:00
.style.yapf Formatting test 2020-11-16 14:30:34 +11:00
AUTHORS Packaging 2021-10-19 15:10:58 +11:00
CONTRIBUTING.md Added license 2020-03-05 16:12:39 +11:00
dfvfs_requirements.txt Migrate to OpenSearch (#27) 2021-12-20 11:08:29 +11:00
LICENSE Packaging 2021-10-19 15:10:58 +11:00
MANIFEST.in Packaging 2021-10-19 15:10:58 +11:00
README.md Updates for bulk_extractor v2.0.3 (#33) 2023-10-16 11:29:26 +11:00
renovate.json Add renovate.json 2024-05-14 01:01:00 +00:00
requirements.txt Migrate to OpenSearch (#27) 2021-12-20 11:08:29 +11:00
run_tests.py Add JSON output (#32) 2023-05-29 14:21:45 +10:00
setup.cfg Packaging 2021-10-19 15:10:58 +11:00
setup.py Add JSON output (#32) 2023-05-29 14:21:45 +10:00

dfDewey

dfDewey is a digital forensics string extraction, indexing, and searching tool.

Usage

Requirements

bulk_extractor

dfDewey currently requires bulk_extractor for string extraction.

bulk_extractor can be installed from the GIFT PPA.

sudo add-apt-repository ppa:gift/stable
sudo apt update
sudo apt install -y bulk-extractor

bulk_extractor can also be downloaded and built from source here: https://github.com/simsong/bulk_extractor

Note: bulk_extractor v2.0.3 or greater is required.

dfVFS

dfVFS is required for image parsing. It can be installed from the GIFT PPA.

sudo add-apt-repository ppa:gift/stable
sudo apt update
sudo apt install -y python3-dfvfs

It can also be installed using pip:

pip install -r dfvfs_requirements.txt

Datastores

OpenSearch and PostgreSQL are also required to store extracted data. These can be installed separately or started in Docker using docker-compose.

cd docker
sudo docker-compose up -d

Note: To stop the containers (and purge the stored data) run sudo docker-compose down from the docker directory.

dfDewey will try to connect to datastores on localhost by default. If running datastores on separate servers, copy the config file template dfdewey/config/config_template.py to ~/.dfdeweyrc and adjust the server connection settings in the file. You can also specify a different config file location on the command line using -c.

Installation

python setup.py install

Note: It's recommended to install dfDewey within a virtual environment.